Root Causes 330: End-to-end PQC in Use Today
Our hosts are joined by IronCap CEO Andrew Cheung as he discusses commercially available PQC solutions today, including VPN, email, and crypto currency.
- Original Broadcast Date: September 5, 2023
Episode Transcript
Lightly edited for flow and brevity.
-
Tim Callan
It's a guest episode! It's the guest episode today. We have with us Andrew Chung. Andrew is the CEO of IronCAP. Hello, Andrew.
-
Andrew Chung
Hi. Hello, Tim. Nice meeting you here and also thank you for having me here.
-
Tim Callan
Well, thank you for being on. And IronCAP, I remember IronCAP from long ago under the name Zero One Communique. You guys are a venerable Canadian technology communications firm.
-
Andrew Chung
Yep. That's right. Pure Canadian.
-
Tim Callan
But now I think you guys have gone in a very different direction. Right? And it is a PQC direction.
-
Andrew Chung
Yes. We actually was in the remote access direction. We're still selling remote access, by the way, but since about six years ago now, maybe pushing seven now, we have started a new business unit, the IronCAP business unit that focus on PQC. But after we created the toolkits, we also put the IronCAP toolkit into our own use, kind of upgrading our remote access solution to become quantum safe. So we are kind of like providing both the PQC engine as well as some kind of end user or solution then using it.
-
Tim Callan
You’re eating your own dog food. So, before we get too far into that, PQC, of course, stands for post quantum cryptography. I would probably be remiss if I didn't say that somewhere along the line. So tell us though the toolkit. So six years ago, you had a PQC toolkit and when you created that, what was the vision for how that would be used?
-
Andrew Chung
In fact, at that time, we really, really didn't know exactly what is going to be due to transpire. We just heard that quantum computer is going to change the world and we noticed about quantum computer since I was like maybe 10 years old from Mr. Spock in Star Trek. So when I heard that, again, about 10 years ago from our crypto scientist, Professor Bezzateev, he says, Andrew, you got to pay attention to the development of quantum computers because your remote access solution may have to change and totally adapt to it. And I was just saying that Doc, what I heard about that from Mr. Spock when I was like 10 years old, and are you sure it’s going to be the case? And he said, well, pay attention to it. So year after year, we kind of like keep the pace on the development. And then about six or seven years ago, we saw that IBM, Google, Honeywell, they all pouring billions of dollars into the development. So then then I went back and said, Doc, you were right. I think this is happening now. So then we started IronCAP. So that was seven years ago.
And then fast forwarding, three years, we follow the exact footsteps with NIST, when they started with the 82 candidates, and we said, we cannot do 82 candidates. We are like, yeah, we have our own proprietary algorithm, but we still have to support whatever that NIST will support and/or approve. And then we say, we got to pick five or six out of 82. And Doc said, well, this is more difficult than winning the 649. So I said, well, what? Let’s try that. So we picked six, and I hope you know we have the same way of predictability in lotto. So far, they are bang on. So we are in that kind of a lockstep, year after year. And so the IronCAP toolkits at the end of the day is bang on lockstep with this candidate. And so we are, we're exactly supporting everything like the Dilithium, Kyber, Falcon and SPHINCS+ end. Also, one more that we predict will be the winner is Classic McEliece. This is still in the run, but it's already in toolkits.
-
Tim Callan
So this is essentially this is an NSDK. I can take this, I can plug it into my existing software, and it will allow me to use these algorithms. Is that right?
-
Andrew Chung
Absolutely. So, I will say virtually any, any people that uses PKI because we have built around not only just a library like a lib, but we also build around the Open SSL connectivity and PKCS 11 connectivity. So in other words, like most application that uses PKI, they are either using this or there and they can – the level, we call it abstraction, would make it easy for any people to convert.
-
Tim Callan
Got it. And then so let's, let's fast forward to what we want to talk about today, which is, you guys are doing this yourselves. And this is what I found so interesting is, Jason and I talk about this topic a lot. And normally, we're talking about sort of open interoperable standard certificates that you could take and you can plug into any system that's being supported anywhere and as such, you can't really implement PQC today, because you can't plug it into system and where it works. And what I found fascinating when I learned about what you were doing at RSA, was that you guys at IronCAP are moving forward anyway. And so let's talk about that. How is it that you accomplish that and what sorts of things are you doing with it?
-
Andrew Chung
There are quite many things. But first of all, I really like your earlier comment that we eat our own food. So we actually inject our own vaccine. Let's put it this way. First of all, it was the remote access because we have been selling remote access for a long time. So we kind of injected the post-quantum into our own solution. And then making like something that really someone can use and that is quantum safe.
And then other thing that we have done was a PQC compliant email encryption system, which is like a plug into your Outlook that is end to end. So if I, Andrew, is sending an email to Tim, using the IronCAP x plugin, it will be encrypted on my Outlook, and then sending all the way to Tim. And only Tim with the private key can decrypt. So anyone in the middle, even if the authority, or whoever get ahold of the email, they will never be able to decrypt. I always jokingly say that if Hillary Clinton had that in 2016, maybe she'll be in the White House, rather than Trump.
Anyway, so that's email or another thing we have done was a partnership with a consortium of cryptocurrency player in Asia last year about, I will say 12 months ago, that they gave us the Solana network and asked us to hey, you know what, prove to us that you can integrate your IronCAP into the Solana blockchain and making it a, like a quantum safe coin, and with a wallet that you can prove to us that it is integratable.
So, that's what we have done, among other smaller things. Those are the major, I would say, notable applications that we have done in the last two years.
-
Tim Callan
And the reason that you can do this earlier than what Jason and I normally talking about is because you control the whole thing, right? This is essentially what I often refer to as a walled garden and that's why you're able to do that. Is that right, Andrew?
-
Andrew Chung
That is very much true. It’s because we have the solution. Like, for example, again, the email. We own the whole point to point. So we have all the free hand to integrate the IronCAP into the solution, either using PKCS 11 as the conduit, or Open SSL or the straight library.
-
Tim Callan
Right. To be clear on that point, if I get your Outlook download, and I send an email to someone who hasn't installed it on their on their end, my mother, she can't actually get PQC encryption because you're not sitting on both ends. Because you do need to control both ends. Is that correct?
-
Andrew Chung
That's right. But what we have done was adding some kind of the auto detection and invitation mechanism. We have a key exchange server in between so we can detect if Tim is not a user at the point of sending, we would see that Tim's email address is not on the KES server. So we would automatically inject an invitation in the email saying, hey, this is encrypted but if you click here to download the plugin, then it will be able to decrypt and read the message and kind of like invite someone to come in.
-
Jason Soroko
So, Andrew, I'm assuming that you're publishing and moving the public keys between each of the players so that they can decrypt each other. Is that right?
-
Andrew Chung
Right. So they can actually encrypt using the public key, but it’s only the actual user who has the private key can decrypt.
-
Jason Soroko
That's right. So in this model, I'm thinking of other systems that are out there, like Tailscale for alternatives to VPN, where they have centrally managed the public keys, and publish those out to where necessary, obviously, the users themselves hold their own private keys. And those public private key pairs are generated locally. And the public keys are kept in some kind of central server. And that's what this invitation function is. So is that the similar kind of model? Are the public keys actually moving as well, or are you completely centralizing where the public keys are, and using that as just a directory?
-
Andrew Chung
In fact, the key exchange server, as the name sounds, is to exchange the public key. So it is being loaded on the key exchange server, and then whoever that needs to encrypt the email for, say for Jason, that person would go to the KES, key exchange server, grab your public key encrypted for you, and then only you have the Jason private key can decrypt. That's exactly the same concept. And that's exactly why it has to be quantum safe because it used to be we have been spoiled by the 40 years of unbreakable PKI. You know, that people are assuming that you cannot reverse the public key, but not until Q day. When Q day line was crossed, right, then it's no longer safe. So that's why the world has to move to the post-quantum. Otherwise, the whole thing, just breaks. You know. That we have been trusting for the last 40 something years.
-
Jason Soroko
Andrew, maybe another question now. I can see this as being net new systems that where people who have secrets that are very important - Tim and I talk about this, this problem of the harvest and decrypt issue where people could be harvesting encrypted information now that are encrypted with RSA and ECC, and decrypted at some point in the future, when quantum computers become capable of doing that. That's about the big problem. So I would imagine that your use cases are for people who are, they recognize the fact that they have secrets now that they want to encrypt with post-quantum algorithms sooner than later, which there's a certain number of people who are going to need that. What do you think about bridging technologies for post-quantum? So, to me, it looks like - you can correct me if I'm wrong - it sounds like what you're doing is you're using natively PQC certificates in order to be able to do this. You know, private key, public key pairs. But there's nothing in the middle. There's no hybrid certificate going on to be able to talk with legacy systems, because in fact, you're not a legacy system, you are a net new post-quantum native. So just give us some color around bridging with older systems and where the play is for people who want truly native systems like this.
-
Andrew Chung
In fact, it's very true. You have raised a very valid question here, that there must have existing kind of like a transitional time, where someone said, hey, we still want to have the traditional RSA per se, plus the PQC. So in that case, they can easily have a certificate that are having both. They call it hybrid certificate. And we are totally supporting that. It is just basically an extension of the existing format of the department, of the certificate, to support one more key putting in and whatever the customer wants, you can just do a hybrid encryption or a signature. You sign both.
-
Tim Callan
So I get that. We've talked about hybrid certificates a lot. I guess help me understand Andrew. I had thought that part of the point of your system, as Jason put it, to coin a new phrase you just coined Jason, is you guys are PQC native and the nice thing about being PQC native is you don't need hybrid certificates, you don't need to transition, you don't have anything. Like one of the things we've talked about in the past is the problem with the hybrid model is as long as the old algorithm is available, then harvest and decrypt is a vulnerability. And even if PQC is available, as well. And so under these circumstances, I’m not quite sure I'm following what's the scenario where if I did control the entire walled garden, and I did want to be PQC, how does that backward compatibility even come into this?
-
Andrew Chung
This you have raised not a very good point that we actually come across with our project in the Solana. The project. Now, yes. if we have the project without remote access, or VPN, or email, it is a total closed ecosystem, that we don't need hybrid. It’s just like pure, self-contained PQC applications, right. But then if there are something that is already there, and you cannot change it - for example, Solana, like or a cryptocurrency, the blockchain is already huge out there. You cannot change and recreate the blockchain. What happened? When we were doing the Solana project, we dug into the inner structure of Solana, we found that it was like quite interesting. They hard coded – you wouldn’t believe it. They hard-coded ECC - elliptic curve - into their structure. So that means that it is only less than one kilobyte of structure to contain the key, even Dilithium is small. It's still more than one kilobyte. So you cannot do it. And they have already hard-coded everything.
So in this case, even though we are using IronCAP, we have to adopt a kind of like an out of the box, or we call off chain authentication, so that we can ride on top of the existing chain to make it quantum-safe. So there are things like that that happened and this is too new. We just found that out only less than six months ago, and we did it.
-
Jason Soroko
That's not surprising. So therefore, even something that's PQC native can act as an abstraction layer on top of an existing hard-coded legacy encrypted system, is what you're describing there. That's quite interesting. For those people who are listening, I don't have at my fingertips, the podcast where Tim and I talk about cryptographic wallets but what we are talking about here, because a lot of you might be scratching your head saying, hey, you know, blockchain systems are about hash chains for the ledger, what the heck does PKI have to do with this? Don't forget the cryptographic wallet is a generated key pair and the address of your wallet is the public key. So this is what we're talking about here. And thanks, Andrew, for some of those insights on Solana.
-
Andrew Chung
It is really worth mentioning. Like Jason, you touch a very good point that a lot of people say hey, you know what, blockchain is quantum-safe. It's actually quantum computer this will put no stress on the structure of blockchain, which I agree 100%. However, there is one problem. Is in the blockchain, everyone generating a transaction has to sign. You have to sign it. And then everyone that validating the transaction has to sign. That involves signature and verification, which means is PKI. So if this is being broken, it doesn't, it's like you have the best lock for your house, but then you put the key under the mat. Forget it. Everything got broken. So this is where blockchain has the true vulnerability against the quantum safety.
-
Jason Soroko
Good point, Andrew. Thanks for that.
-
Tim Callan
Wow. So, ok. I think that's great. So you talked about that scenario. I think that's really fascinating. As opposed to, let's say, the VPN where presumably you're sitting on both sides, and we're just playing PKC native, pure and simple. And we never touch RSA ever again in our lives. Is that right?
-
Andrew Chung
Exactly.
-
Tim Callan
Wow. So Andrew, I think that's great. I think that's a wonderful overview of this idea that these really can be things for today, and again, Jason and I are so focused on the what needs to happen for us to roll it out everywhere across every system, etc, that it's nice to take a different angle on it and say, look, we can start using it right now. And so I presume that someone who uses this would be someone who felt that they were a high enough value target that harvest and decrypt was a real risk, and that they wanted to take measures they could today to at least, you can't eliminate, but at least minimize the harvest and decrypt opportunity. Am I getting that right?
-
Andrew Chung
I would say absolutely. We just touch about blockchain and cryptocurrency. I bet you out there, the hackers, the bad actors are all capturing your public key. And they just couldn't do anything yet. Once they can do it watch your wallet. It’ll be gone. I am 100% sure about that. Because they just follow the money.
-
Tim Callan
So maybe it's a good time to convert your crypto currency into stocks or gold. All right. Cool. Um, I think that's a great explanation. Jason, you want to add anything or ask anything else?
-
Jason Soroko
No. It’s so great to have you as a guest. Guests are like the oxygen in the room for this podcast. And thank you so much for taking the time out to join us.